1

Topic: Rearrange PunBB folders - prevent Bad HTTP_REFERER errors

Integrating my main site's registration/login script turned out to be too complicated, so I'm now trying to use PunBB's registration/login for my main site.

So I copied registration.php, login.php and several other files from my '/forum' folder to the root and put heavily edited common.php, functions.php etc. in a '/common' folder I already had for sitewide includes etc.

But in some cases I got Bad HTTP_REFERER errors, so I'm forced to move more and more PunBB files to the root, including all those admin_ files.

Can I at least keep the forum itself (viewforum.php, viewtopic.php, etc) in the forum folder? Or will I have to move everything to the root to prevent Bad HTTP_REFERER errors?

Can I put all those admin_files in an '/admin' folder? Which addresses should I change? Or is it impossible without getting Bad HTTP_REFERER errors?

I'm still trying to keep PunBB somewhat seperate from the rest of my site. I've already had to rename PunBB's redirect function to fix a conflict with another PHP script in my site.

Re: Rearrange PunBB folders - prevent Bad HTTP_REFERER errors

I just quickly grep'ed HTTP_REF:

$redirect_url = (isset($_SERVER['HTTP_REFERER']) && preg_match('#^'.preg_quote($pun_config['o_base_url']).'/(.*?)\.php#i', $_SERVER['HTTP_REFERER'])) ? htmlspecialchars($_SERVER['HTTP_REFERER']) : 'index.php';

See that $pun_config['o_base_url']? I think it's either set in the database, or in config.php, either way, just cheat. copy register.php login.php include/functions.php and at the top of functions put $pun_config['o_base_url'] = 'http://mybaseurl'. It's the base url from your forum, minus the forum directory.

echo "deadram"; echo; fortune;

3 (edited by Peter 2007-03-08 19:26)

Re: Rearrange PunBB folders - prevent Bad HTTP_REFERER errors

deadram wrote:

I just quickly grep'ed HTTP_REF:

$redirect_url = (isset($_SERVER['HTTP_REFERER']) && preg_match('#^'.preg_quote($pun_config['o_base_url']).'/(.*?)\.php#i', $_SERVER['HTTP_REFERER'])) ? htmlspecialchars($_SERVER['HTTP_REFERER']) : 'index.php';

See that $pun_config['o_base_url']? I think it's either set in the database, or in config.php, either way, just cheat. copy register.php login.php include/functions.php and at the top of functions put $pun_config['o_base_url'] = 'http://mybaseurl'. It's the base url from your forum, minus the forum directory.

Thanks deadram!

This does sound like the kind of solution I'm looking for, but you're a little cryptic. What do you mean "I just quickly grep'ed HTTP_REF"? What's that line of code?

The baseurl is set in the admin options and probably stored in the database (I'd have to check). I've already changed the baseurl to the root (to fix one referrer error) and strangely enough viewing the forum in '/forum' seems unaffected so far.

You can do a lot by editing define('PUN_ROOT', './'); I'm just worried I'm messing up the "integrity of the system" and will get punished for it with Bad HTTP_REFERER errors.

And what about the admin_ files? Is it possible to put them in their own '/admin' folder? Why aren't they? Has anyone tried that?

Re: Rearrange PunBB folders - prevent Bad HTTP_REFERER errors

Peter wrote:

What do you mean "I just quickly grep'ed HTTP_REF"? What's that line of code?

"grep -r HTTP_REF ./" - a *nix command to search recursively in directory "./" and find the text string HTTP_REF and then print the file name and the line in that file that contains said text. google it for more info. the line was from login.php if I remeber correctly.

The baseurl is set in the admin options and probably stored in the database (I'd have to check). I've already changed the baseurl to the root (to fix one referrer error) and strangely enough viewing the forum in '/forum' seems unaffected so far.

Bad idea, sooner or later you'll probably run into problems. Set it seperatly for the "root-directory minimal pun" and the "forum-directory punbb". or you could just not have a forum directory 0.o tongue

And what about the admin_ files? Is it possible to put them in their own '/admin' folder? Why aren't they? Has anyone tried that?

I havn't tried, but assuming you still have a PUN_ROOT define, you should be able to. search each admin file for admin_ though and switch it to ./ and in the admin folder the PUN_ROOT is "../" not "./".

echo "deadram"; echo; fortune;

5

Re: Rearrange PunBB folders - prevent Bad HTTP_REFERER errors

deadram wrote:
Peter wrote:

What do you mean "I just quickly grep'ed HTTP_REF"? What's that line of code?

"grep -r HTTP_REF ./" - a *nix command to search recursively in directory "./" and find the text string HTTP_REF and then print the file name and the line in that file that contains said text. google it for more info. the line was from login.php if I remeber correctly.

Thanks, but what does that line do? What are you saying?

I don't even know what a "Bad HTTP_REFERER error" is exactly. I'm not a PHP coder. I don't know Linux. I use Macromedia Homesite to search and replace text strings.

I know keeping PunBB's folder structure intact is the "best" solution, but my question is what if I want to rearrange them? What if I don't want all those Pun-files at the root of my site?

Is it at all possible to change the folder structure? How should I approach it? Would I be OK if I edit the PUN_ROOT define at the top of pages? Or is the key in that $redirect_url line of code?

Re: Rearrange PunBB folders - prevent Bad HTTP_REFERER errors

I would leave PunBB's stuff intact, and change your own stuff to make it work. If you have any more specific questions, just ask.

Re: Rearrange PunBB folders - prevent Bad HTTP_REFERER errors

if your not a php coder, move everything to the root directory. If you're willing to spend some time learning, then you won't have to.

I just quickly grep'ed HTTP_REF:

because

But in some cases I got Bad HTTP_REFERER errors, so I'm forced to move more and more PunBB files to the root, including all those admin_ files.

. Clearly, the text HTTP_REFERER had something to do with the error you were getting.

$redirect_url = (isset($_SERVER['HTTP_REFERER']) && preg_match('#^'.preg_quote($pun_config['o_base_url']).'/(.*?)\.php#i', $_SERVER['HTTP_REFERER'])) ? htmlspecialchars($_SERVER['HTTP_REFERER']) : 'index.php';

This line shows some of the logic HTTP_REFERER is used for. It would look clearer like this:

// If $_SERVER['HTTP_REFERER'] exists, and is within the $pun_config['o_base_url']
if ( isset($_SERVER['HTTP_REFERER']) && preg_match('#^'.preg_quote($pun_config['o_base_url']).'/(.*?)\.php#i', $_SERVER['HTTP_REFERER'])) )
{
    $redirect_url = htmlspecialchars($_SERVER['HTTP_REFERER']);
}

// Else if "Bad HTTP_REFERER, just use index.php for our redirect
else
{
    $redirect_url = 'index.php';
}

Clearly that line is not giving you "Bad HTTP_REFERER error"'s it does show you the logic to have one though. $redirect_url is used to send your browser back to whatever page you came from, wqhen you click on login (if i remeber correctly). When your configured $pun_config['o_base_dir'] doesn't contain $_SERVER['HTTP_REFERER'] you get an error. $_SERVER is a php variable that contains all kinds of information. google it for more information.

echo "deadram"; echo; fortune;

8 (edited by Peter 2007-03-09 20:34)

Re: Rearrange PunBB folders - prevent Bad HTTP_REFERER errors

deadram wrote:

... google it for more information.

Googling on this type of keywords is usually pointless. I don't have time to wade through wide-ranging technical discussions full of coder/linux jargon just to fix a specific, practical issue in PunBB.

In this case my basic question still is whether it is theoretically possible to rearrange the folders. Is it just a matter of editing addresses and redirects or are there, for example, serious security issues involved.

I know as a lowly non-coder I'm not supposed to touch the code in the first place, but that's not what I'm asking.

PunBB to me is bloated because I don't need the language files and some other stuff that makes the code more complicated than it could be. I like PunBB, but I'm not too happy that I have to let it take over my entire site if I want to integrate it properly.

Re: Rearrange PunBB folders - prevent Bad HTTP_REFERER errors

Googling on this type of keywords is usually pointless. I don't have time to wade through wide-ranging technical discussions full of coder/linux jargon just to fix a specific, practical issue in PunBB.

I'd have to disagree with you: it really is helpful, especially when looking to figure out what a PHP variable or function is (not necessarily a PunBB specific one). In this case, the first result was http://us2.php.net/reserved.variables, which gives a rundown of every element of $_SERVER.

In this case my basic question still is whether it is theoretically possible to rearrange the folders. Is it just a matter of editing addresses and redirects or are there, for example, serious security issues involved.

It's not as simple as just rearranging the folders for various reasons: there would be code editing involved

PunBB to me is bloated because I don't need the language files and some other stuff that makes the code more complicated than it could be. I like PunBB, but I'm not too happy that I have to let it take over my entire site if I want to integrate it properly.

I'm not convinced that you have to let PunBB "take over your entire site" in order to have integration. Why can't you just disable/remove PunBB's register.php page, add an insert statement to your registration page that creates a matching forum account, and add a set_cookie bit to your login page so that the user is logged into the forum as well?
And out of curiosity, what features of PunBB would you consider "bloat"? With regards to the language files, I'd say they really don't add another complicating layer: instead, they have all the output strings in one place so you only have to edit a string once to change it throughout the site.

Re: Rearrange PunBB folders - prevent Bad HTTP_REFERER errors

if your not a php coder, move everything to the root directory. If you're willing to spend some time learning, then you won't have to.

I think that is still applicable, If you just want easy integration, move the /forum stuff to the root directory. Rename index.php to forum.php (and any links to index.php to forum.php). No need to touch the code, no need to think, no need to read. Now even your websites php files can use punbb's login and session related data and functions.

If you are not willing to learn a little, you won't be able to do a little. If your not willing to learn alot, you won't be able to do alot. That applies to anything, and is not specific to punbb, php, computers, or even "scientific stuffs".

echo "deadram"; echo; fortune;

11 (edited by Peter 2007-03-10 05:42)

Re: Rearrange PunBB folders - prevent Bad HTTP_REFERER errors

Smartys wrote:

... I'd have to disagree with you: it really is helpful, especially when looking to figure out what a PHP variable or function is (not necessarily a PunBB specific one). In this case, the first result was http://us2.php.net/reserved.variables, which gives a rundown of every element of $_SERVER. ...

All that stuff only makes sense if you know PHP and yes, I'm not going to learn PHP from scratch because I have a thousand other things to do. But that doesn't mean I'm a complete moron. I have a general idea of what the code does, know html/css very well and have already rearranged and replaced a lot of code by copy/paste, trial/error. All I need is a few hints here and there, in plain English if possible.

I don't need 'a rundown of every element of $_SERVER'. My basic question is still if it's theoretically possible to rearrange folders, with a few systematic address changes of course, or are there other issues involved, security maybe, that I have to be aware of.

Smartys wrote:

... Why can't you just disable/remove PunBB's register.php page, add an insert statement to your registration page that creates a matching forum account, and add a set_cookie bit to your login page so that the user is logged into the forum as well?
And out of curiosity, what features of PunBB would you consider "bloat"? With regards to the language files, I'd say they really don't add another complicating layer: instead, they have all the output strings in one place so you only have to edit a string once to change it throughout the site.

I think that was my starting point, but I couldn't make it work and was adviced to just use PunBB registration. PunBB has a lot of interconnected files, many of which have little to do with the code I need, like the language files and the templating system. So everything is now sucked into the root of my site and headers and footers etc.

Re: Rearrange PunBB folders - prevent Bad HTTP_REFERER errors

I'm not going to learn PHP from scratch

I never learned PHP "from scratch" (whatever that means); I'd say over 95% of my PHP knowledge is from working with PunBB.

I don't know what you want hints for, so I'll just start from the top?

Peter wrote:

So I copied registration.php, login.php and several other files from my '/forum' folder to the root and put heavily edited common.php, functions.php etc. in a '/common' folder I already had for sitewide includes etc.

Why did you makes copies of these? Could you not use them as is in their original location?

13

Re: Rearrange PunBB folders - prevent Bad HTTP_REFERER errors

guardian34 wrote:

... Why did you makes copies of these? Could you not use them as is in their original location?

At the end I want to have a system that's somewhat logical and transparant. I'm trying to put all the common site elements in one folder (with sub-folders) and have seperate folders for 'forum', 'blog', 'rsvp', 'admin', etc. I couldn't integrate my header and footer into PunBB because the templating system doesn't allow php includes - I know there's a workaround - so that was one reason to start to rearrange stuff. Also function redirect clashed with another php script on the same page, so I had to edit functions.php

Re: Rearrange PunBB folders - prevent Bad HTTP_REFERER errors

I couldn't integrate my header and footer into PunBB because the templating system doesn't allow php includes

Of course it does
http://punbb.org/docs/faq.html#faq3_4

15

Re: Rearrange PunBB folders - prevent Bad HTTP_REFERER errors

Smartys wrote:

I couldn't integrate my header and footer into PunBB because the templating system doesn't allow php includes

Of course it does http://punbb.org/docs/faq.html#faq3_4

Yes, I know about this workaround. I have used it in previous versions of my project. This include method only works with files in the same folder, so you have to create files that don't do nothing but pull in other files from somewhere else. Like I said, I'm trying to put together a system that's logical and transparant and want to avoid this type of silliness.

Ideally I would like to get rid of all the templating systems and language files from the different php scripts I'm trying to put together, just keep the functional code and my own html and css. PunBB is great, but I wish there was an even liter php forum script like this ultralean CMS. BTW, he uses PunBB for his forum! wink

16

Re: Rearrange PunBB folders - prevent Bad HTTP_REFERER errors

Peter wrote:

PunBB is great, but I wish there was an even liter php forum script like this ultralean CMS. BTW, he uses PunBB for his forum! wink

sNews is really small, one script does it all. It's great for small sites, but if you want to really have a true CMS, then Textpattern would be a better choice.

Size does matter, the fewer lines of code, the easier to secure and hack up. But it gets to a point where you're limiting yourself for very little in return.

17 (edited by Peter 2007-03-10 21:18)

Re: Rearrange PunBB folders - prevent Bad HTTP_REFERER errors

hcgtv wrote:
Peter wrote:

PunBB is great, but I wish there was an even liter php forum script like this ultralean CMS. BTW, he uses PunBB for his forum! wink

sNews is really small, one script does it all. It's great for small sites, but if you want to really have a true CMS, then Textpattern would be a better choice.

Size does matter, the fewer lines of code, the easier to secure and hack up. But it gets to a point where you're limiting yourself for very little in return.

I will use sNews for several small company websites. It seems perfect for that.

I'm looking for scripts that I can use to build a transparant, solid basis for a site that I can add to and expand on later if necessary. What exactly are the limitations of a script liked sNews? Structural database issues?

Getting back to my original topic, is it possible to set a "base url" for a php page? I've moved the admin files to an admin folder (and replaced all admin_index.php links with admin/index.php etc). It would probably save me a lot of trouble if I could add a line of code at the top of those php files to tell the system to treat them as if they are still at the root.

I am trying to google the answer, but have trouble coming up with the right keywords... Any help is appreciated. If I find the solution I'll post it.

Re: Rearrange PunBB folders - prevent Bad HTTP_REFERER errors

<?php
@chdir(../)
?>

Is that what your looking for?

echo "deadram"; echo; fortune;

19 (edited by Peter 2007-03-12 00:59)

Re: Rearrange PunBB folders - prevent Bad HTTP_REFERER errors

deadram wrote:

Is that what your looking for?

Probably. Thanks! smile

I'm now trying to systematically use the define('PUN_ROOT', '../'); trick throughout my site, hoping that will help fix the admin folder as well. If not I'll try @chdir(../). I'll update with the results...

edit: I think I now got the /admin folder working. @chdir('../'); seems to prevent Bad HTTP_REFERER errors in this case. smile

20 (edited by Peter 2007-03-15 20:28)

Re: Rearrange PunBB folders - prevent Bad HTTP_REFERER errors

I can't make this work with any addressing tweaks.

Is there no way to completely bypass the HTTP_REFERER and o_base_url stuff? Elsewhere in the site I use this type of redirect:

    echo '<meta content="6; URL = http://mywebsite.com/admin/index.php" http-equiv="Refresh" />';
echo '<center>You have succesfully done something and are being redirected to the administration section.</center>';

Or are there consequences for security etc.?

Why should I leave function confirm_referrer in place? Can't I just strip all that stuff from the code?

21 (edited by Peter 2007-03-15 23:04)

Re: Rearrange PunBB folders - prevent Bad HTTP_REFERER errors

SUCCESS! I'm not that dumb after all...

All the files in newly created folders one level up get this at the top:

@chdir('../');

define('PUN_ROOT', 'regularpunfolder/');
require PUN_ROOT.'include/common.php';

...etc.

After some clean-up it works fine. To fix the remaining referrer errors I've created a new function in functions.php:

//
// admin referrer fix
//
function confirm_adminreferrer($script)
{
    global $pun_config, $lang_common;

    if (!preg_match('#^'.preg_quote(str_replace('www.', '', $pun_config['o_base_url']).'/admin/'.$script, '#').'#i', str_replace('www.', '', (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''))))
        message($lang_common['Bad referrer']);
}

And renamed all confirm_referrer in my new admin folder to confirm_adminreferrer.

It fixes the referrer errors. It's relatively transparent. I can do the same for my new forum folder.

And OK, it's probably what deadram meant in the second post. It just took me a week to figure out. ;(